[dnssec-deployment] How does it work?

Wed Jun 24 05:27:37 EDT 2009

 ah... the NSO... i -knew- we needed to keep host records
 around for nameservers and their operators.  

--bill

On Wed, Jun 24, 2009 at 10:11:37AM +0200, Otmar Lendl wrote:
> Patrik Fdltstrvm wrote:
> > 
> > But to have cooperation or not when registrar is changing is not one of
> > them. The only case I can think of is if the receiving registrar does
> > not support DNSSEC transactions via epp, and in that case the registry
> > should implicitly remove the DS.
> 
> >From my perspective, what probably started the discussion was triggered by
> e.g. https://www.dns-oarc.net/files/workshop-200905/gudmundsson.pdf (and
> similar presentations at CENTR & ICANN meetings).
> 
> This basically establishes that we need cooperation between gaining and
> loosing nameserver operators (as you mention above).
> 
> Now, the role of the nameserver operator (NSO) doesn't show up in the ICANN
> Registry/Registrar/Registrant model (and thus the epp data model), so we
> really do have a problem here.
> 
> * Changing that model is non-trivial.
> 
> * Establishing a new communication channel between the NSO with the
> registry is non-trivial, too.
> 
> * direct communication between NSO doesn't scale ( it's O(n^2) )
> 
> * so perhaps the NSO use the registrars to talk to the registry.
> 
> However you want to slice it, transferring signed zones from one NSO to
> another is a tricky thing.
> 
> /ol
> -- 
> -=-  Otmar Lendl  --  ol at bofh.priv.at  --  http://lendl.priv.at/  -=-
> 
> #############################################################
> This message is sent to you because you are subscribed to
>   the mailing list <dnssec-deployment at shinkuro.com>.
> To unsubscribe, E-mail to: <dnssec-deployment-off at shinkuro.com>
> A public archive is available here: <http://mail.shinkuro.com:8100/Lists/dnssec-deployment/>
> and older material is at
> <http://mail.shinkuro.com:8100/Lists/dnssec-deployment-archive/>